Emulator Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android, iOS | MASVS-RESILIENCE-1 |
Overview
Emulator Detection identifies when an app appears to be running in an Android emulator or iOS simulator rather than on a physical user device. Emulators and simulators are essential for development and QA, but in production they are also commonly used for automation, dynamic analysis, fraud, and reverse engineering.
When emulator or simulator risk is detected, AppTego applies your configured response.
When To Use It
Use this control when your app needs to reduce risk from:
- Automated account creation, credential stuffing, referral abuse, or click fraud.
- Dynamic analysis of protected app behavior in controlled environments.
- Fraud farms that run many app instances at scale.
- Security policies that require production use on physical devices only.
How It Works
The protected app evaluates platform, hardware, environment, and runtime signals associated with emulated or simulated devices. Android and iOS expose different indicators, so AppTego uses platform-appropriate detection logic.
Public documentation does not expose exact device fingerprints, system properties, file markers, hardware identifiers, signal weights, or thresholds. These details are protection logic and may change as emulator products and mobile platforms evolve.
How to Enable the Control
Navigate to Detection & Response from the AppTego portal, and expand the Environment Detection section. Under this section you will find the Emulator Detection control. Click Enable Configuration, choose the response action, and save the configuration for the next build or for it to be applied with a live push (if enabled).
API Configuration Example
{
"EmulatorDetectionResponse": {
"detection": true,
"protection": false,
"action": "close",
"title": "Emulator Detected",
"message": "This application cannot run in an emulator environment.",
"buttons": ["OK"],
"actions": ["close"],
"redirects": [""]
}
}| Field | Purpose |
|---|---|
detection | Enables or disables emulator and simulator detection. |
protection | Included for schema consistency with other controls. |
action | Selects the response style, such as close, alert, log, or warn. |
title / message | User-facing text shown when a response is displayed. |
buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- Disable or soften this control in development, QA, and automated test builds where emulators are expected.
- Cloud testing services may look like emulator environments. Keep CI/CD and release configurations separate.
- Some legitimate Android devices have unusual hardware profiles. Start with telemetry when serving a broad consumer device base.
- Emulator detection is strongest when paired with root, hook, debugger, app tamper, and attestation controls.